safeguard - A software configuration, hardware component, or procedure that eliminates a vulnerability or reduces the risk that a threat agent can exploit it. Also called a countermeasure or control.
SAML - (Security Assertion Markup Language) - An XML standard for exchanging authentication and authorization data between security domains.
sandbox - An isolated test environment that simulates the production environment but will not affect production components/data.
sandboxing - A type of control that isolates processes from the operating system to prevent security violations.
SAST - (Static Application Security Testing) - Analysis of the application source code for finding vulnerabilities without executing the application.
SCADA - (Supervisory Control And Data Acquisition) - A system for remotely monitoring and controlling physical systems such as power and manufacturing plants.
SD-WAN - (Software-Defined Wide Area Network) - An extension of SDN practices to wide area networks, connecting sites and entities spread across the internet, especially in support of cloud migration.
SDN - (Software-Defined Networking) - An approach to networking that separates the control plane from the data plane and uses software to centralize the configuration and control of networking devices, improving agility and efficiency.
secure configuration management - Implementing the set of appropriate procedures to control the life cycle of an application, document the necessary change control activities, and ensure that the changes will not violate the security policy.
Security Assertion Markup Language - An XML standard for exchanging authentication and authorization data between security domains.
security control framework - A notional construct outlining the organization
security evaluation - Assesses the degree of trust and assurance that can be placed in systems for the secure handling of sensitive information.
security governance - The entirety of the policies, roles, and processes an organization uses to make its security decisions.
security information and event management - A software platform that aggregates security information and security events and presents them in a single, consistent, and cohesive manner.
security kernel - The hardware, firmware, and software elements of a trusted computing base (TCB) that implement the reference monitor concept. The kernel must mediate all access between subjects and objects, be protected from modification, and be verifiable as correct.
security label - An identifier that represents the security level of an object.
security perimeter - An imaginary boundary between the components within the trusted computing base (TCB) and mechanisms that do not fall within the TCB. It is the distinction between trusted and untrusted processes.
security policy - Documentation that describes senior management's directives toward the role that security plays within the organization. It provides a framework within which an organization establishes the needed levels of information security to achieve its availability, integrity, and confidentiality goals. A policy is a statement of information values, protection responsibilities, and the organization's commitment to managing risk.
security testing - Testing all security mechanisms and features within a system to determine the level of protection they provide. Security testing can include penetration testing, formal design and implementation verification, and functional testing.
segment - Data representation at Layer 4 of the Open Systems Interconnection (OSI) model.
sensitive information - Information that would cause a negative effect on the company if it were lost or compromised.
sensitivity label - A piece of information that represents the security level of an object. Sensitivity labels are used by the TCB as the basis for mandatory access control (MAC) decisions.
separation of duties - A security principle that splits a critical task among two or more individuals so that no single person can complete a risky task alone.
session initiation protocol - A signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.
shoulder surfing - When a person looks over another person's shoulder and watches keystrokes, or watches data as it appears on the screen, in order to obtain information without authorization.
SIEM - (Security Information and Event Management) - A software platform that aggregates security information and security events and presents them in a single, consistent, and cohesive manner.
simple security property - A Bell-LaPadula security model rule that stipulates that a subject cannot read data at a higher security level.
single factor authentication - Authentication that relies on only one of the three available factors (something you know, something you have, something you are) to carry out the requested authentication.
single loss expectancy - A dollar amount assigned to a single event that represents the company's potential loss if a specific threat were to occur. [asset value
single sign-on - A technology that allows a user to authenticate one time and then access resources in the environment without needing to reauthenticate.
SIP - (Session Initiation Protocol) - A signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.
SLE - (Single Loss Expectancy) - A dollar amount assigned to a single event that represents the company's potential loss if a specific threat were to occur. [asset value
smurf - A denial-of-service attack in which ICMP Echo Requests with a forged source address (the victim's) are sent to a network's broadcast address, so that every host on that network answers the victim with an Echo Reply, amplifying the traffic directed at it.
social engineering - The act of tricking another person into providing confidential information, often by posing as someone who is authorized to receive that information.
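The smurf entry above describes two observable signals: an Echo Request aimed at a directed-broadcast address, and a burst of Echo Replies from many distinct hosts converging on one address. The following detection logic, an added example that is not part of the original glossary, runs over constructed flow records (the addresses, the 192.168.1.0/24 network and the reply threshold are assumptions chosen for illustration) and flags both signals:

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records, not taken from the page:
# (source address, destination address, ICMP type); 8 = Echo Request, 0 = Echo Reply.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.168.1.255", 8),   # Echo Request to a directed broadcast, source forged as the victim
    ("192.168.1.10", "10.0.0.5", 0),    # every host on 192.168.1.0/24 answers the victim
    ("192.168.1.11", "10.0.0.5", 0),
    ("192.168.1.12", "10.0.0.5", 0),
    ("192.168.1.13", "10.0.0.5", 0),
    ("10.0.0.7", "10.0.0.8", 8),        # an ordinary ping and its single reply
    ("10.0.0.8", "10.0.0.7", 0),
]

# Assumed monitored network; its broadcast address is the amplifier's target.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def detect_smurf(flows, networks, min_repliers=3):
    """Flag Echo Requests sent to a directed-broadcast address and any host
    receiving Echo Replies from at least `min_repliers` distinct sources.

    Returns {"amplification_requests": [(src, dst), ...],
             "victims": {victim_address: number_of_distinct_repliers}}.
    """
    broadcast_addrs = {net.broadcast_address for net in networks}
    amplification_requests = []
    repliers = defaultdict(set)  # reply destination -> set of replying hosts

    for src, dst, icmp_type in flows:
        if icmp_type == 8 and ipaddress.ip_address(dst) in broadcast_addrs:
            # The forged source here is the real victim of the amplified replies.
            amplification_requests.append((src, dst))
        elif icmp_type == 0:
            repliers[dst].add(src)

    victims = {dst: len(srcs) for dst, srcs in repliers.items()
               if len(srcs) >= min_repliers}
    return {"amplification_requests": amplification_requests, "victims": victims}


if __name__ == "__main__":
    report = detect_smurf(SAMPLE_FLOWS, LOCAL_NETWORKS)
    for src, dst in report["amplification_requests"]:
        print(f"broadcast Echo Request from {src} to {dst} (likely forged source = victim)")
    for victim, count in report["victims"].items():
        print(f"{victim} received Echo Replies from {count} distinct hosts")
```

The ordinary ping in the sample never trips either check: its destination is a unicast address and only one host replies. The classic prevention is to stop routers from forwarding directed broadcasts at all, so the amplifier network never sees the request.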
software assurance - The level of confidence that software is free from vulnerabilities either intentionally designed into the software or accidentally inserted at any time during its lifecycle and that it functions in the intended manner.
software-defined wide area network - An extension of SDN practices to wide area networks, connecting sites and entities spread across the internet, especially in support of cloud migration.
software-defined networking - An approach to networking that separates the control plane from the data plane and uses software to centralize the configuration and control of networking devices, improving agility and efficiency.
spoofing - Presenting false information, usually within packets, to trick other systems and hide the origin of a message. Attackers commonly do this so that their identity cannot be traced.
SSO - (Single Sign-On) - A technology that allows a user to authenticate one time and then access resources in the environment without needing to reauthenticate.
standards - Rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They are compulsory.
star property - A Bell-LaPadula security model rule that stipulates that a subject cannot write data to an object at a lower security level.
statement coverage - A test adequacy criterion that requires enough test cases for every program statement to be executed at least once.
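The simple security property, the star property, the security kernel and sensitivity label entries above all describe the same mechanism: a reference monitor that compares a subject's clearance with an object's label on every access. The following added example, not code from the original page, implements that monitor in Python for a small set of constructed subjects and objects (the names and levels are assumptions chosen for illustration) and enforces both Bell-LaPadula rules:

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity levels; a higher value dominates a lower one."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """Mediates every subject/object access using Bell-LaPadula rules.

    read  : allowed only if clearance >= label   (simple security property, "no read up")
    write : allowed only if clearance <= label   (star property, "no write down")
    """

    def __init__(self, clearances, labels):
        self.clearances = dict(clearances)  # subject -> clearance Level
        self.labels = dict(labels)          # object  -> sensitivity Level
        self.audit = []                     # every decision is recorded

    def check(self, subject, obj, mode):
        clearance = self.clearances[subject]
        label = self.labels[obj]
        if mode == "read":
            allowed = clearance >= label
        elif mode == "write":
            allowed = clearance <= label
        else:
            raise ValueError(f"unknown access mode: {mode}")
        self.audit.append((subject, obj, mode, "allow" if allowed else "deny"))
        return allowed

    def access(self, subject, obj, mode):
        """Perform the access or raise; callers cannot bypass check()."""
        if not self.check(subject, obj, mode):
            raise AccessDenied(f"{subject} may not {mode} {obj}")
        return f"{subject} {mode}s {obj}"


# Constructed subjects and objects (assumed for illustration, not from the page).
SUBJECT_CLEARANCE = {
    "intern": Level.UNCLASSIFIED,
    "analyst": Level.SECRET,
    "director": Level.TOP_SECRET,
}
OBJECT_LABEL = {
    "cafeteria_menu": Level.UNCLASSIFIED,
    "incident_memo": Level.CONFIDENTIAL,
    "ops_plan": Level.SECRET,
    "source_list": Level.TOP_SECRET,
}


def build_monitor():
    return ReferenceMonitor(SUBJECT_CLEARANCE, OBJECT_LABEL)


if __name__ == "__main__":
    rm = build_monitor()
    for subject, obj, mode in [("analyst", "incident_memo", "read"),
                               ("analyst", "source_list", "read"),
                               ("analyst", "incident_memo", "write"),
                               ("intern", "source_list", "write")]:
        try:
            print(rm.access(subject, obj, mode))
        except AccessDenied as exc:
            print("DENIED:", exc)
```

Note the asymmetry the two rules produce: the intern may write into a TOP_SECRET object (writing up leaks nothing) but may not read it, while the director may read everything but may not write to the cafeteria menu, since that would be a channel for copying TOP_SECRET data downward. Confidentiality is all Bell-LaPadula protects; the intern's blind write-up shows why integrity needs a separate model.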
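Statement coverage, as defined above, is measured by recording which source lines a test suite actually executes and comparing them with the set of executable statements. The following added example, not part of the original glossary, measures it for a small constructed authorization routine using only the standard library (the `classify_request` function and its test inputs are assumptions chosen for illustration):

```python
import dis
import sys


def classify_request(method, path, authenticated):
    """Constructed target under test: decides how a request is handled."""
    if not authenticated:
        return "deny"
    if method == "GET":
        return "allow"
    if path.startswith("/admin"):
        return "deny"
    return "allow"


def executable_lines(func):
    """Source lines of func that hold executable statements (the def line excluded)."""
    code = func.__code__
    return {line for _, line in dis.findlinestarts(code)
            if line is not None and line != code.co_firstlineno}


def coverage_report(func, cases):
    """Run func on each argument tuple in cases while tracing line events,
    and report executed lines, missed lines and the statement-coverage ratio."""
    code = func.__code__
    statements = executable_lines(func)
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None           # do not trace frames other than the target
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            func(*args)
    finally:
        sys.settrace(previous)

    executed &= statements
    return {
        "executed": executed,
        "missed": statements - executed,
        "ratio": len(executed) / len(statements),
    }


# Constructed test inputs: the first set exercises a single path, the second
# is the minimal set that reaches every statement.
PARTIAL_CASES = [("GET", "/", True)]
FULL_CASES = [
    ("GET", "/", False),
    ("GET", "/", True),
    ("POST", "/admin/users", True),
    ("POST", "/profile", True),
]


if __name__ == "__main__":
    for name, cases in (("partial", PARTIAL_CASES), ("full", FULL_CASES)):
        report = coverage_report(classify_request, cases)
        print(f"{name}: {report['ratio']:.0%} statement coverage, "
              f"missed lines {sorted(report['missed'])}")
```

The single GET request executes three of the seven statements, leaving both `return "deny"` branches and the admin-path check untested; that is exactly the situation the criterion exists to expose. Four inputs are needed to satisfy it here, and even then statement coverage says nothing about untested input values within a covered line.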
static source code analysis - Analysis of the application source code for finding vulnerabilities without executing the application.
steganography - Hiding something within something else, or data hidden within other data.
strategic goals - Long-term goals that are broad, general statements of intent. Operational and tactical goals support strategic goals and all are a part of a planning horizon.
stream cipher - A cipher that encrypts by combining the plaintext with a keystream one bit (or byte) at a time, typically using XOR.
striping - A RAID technique that divides data into blocks and spreads them across multiple disks so they can be read and written in parallel; striping alone (RAID 0) adds no redundancy.
subject - An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or that changes the system state.
substitution - The process of exchanging one letter or bit for another.
supervisor state - One of several states in which an operating system may operate, and the only one in which privileged instructions may be executed by the CPU.